Aonatsu[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Aonatsu.exe
Size

5.1MB
MD5

764933e447a8bf2bd56bafb9082926de
SHA1

8e476bf18ecc5bea9f2513dfea887136f0d7bf35
SHA256

a81ed8e7738f8f00c58cb0a35c269a5a942c5ca46eb905f66b48f8091563baf2
SHA512

9d95718c7cd3a299649198fa40567a9f2269368484f0b833e8af4d3e8e41fef233fda0d9045c638aa93d4cf08e99ffc88499c9ae1d53f2af94aec0c68577a789
SSDEEP

98304:aJwk8EMdACzrUSgsbyWXcap+7aDp2Sgib9MCE1:aJmEMdNzAH9UBP9MB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Aonatsu.exe

Files

Aonatsu.exe
.exe windows:5 windows x86 arch:x86

a16886db1e46080fa2af9dfab41e5d29

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetModuleHandleA
lstrcmpiA

user32

MessageBoxA

imm32

ImmSetCompositionWindow

gdi32

UnrealizeObject

ole32

CreateStreamOnHGlobal

advapi32

RegQueryValueExA

version

VerQueryValueA

Sections

Size: 1.0MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detour
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qfoendjq
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fuwqreqv
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fuwqreqv
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a16886db1e46080fa2af9dfab41e5d29

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

imm32

gdi32

ole32

advapi32

version

Sections

Size: 1.0MB - Virtual size: 3.7MB

.rsrc Size: 125KB - Virtual size: 124KB

.detour Size: 8KB - Virtual size: 7KB

.idata Size: 1024B - Virtual size: 4KB

Size: 512B - Virtual size: 3.7MB

qfoendjq Size: 3.9MB - Virtual size: 3.9MB

fuwqreqv Size: 512B - Virtual size: 4KB

fuwqreqv Size: 3KB - Virtual size: 4KB

.data Size: - Virtual size: 4KB

.rsrc
Size: 125KB - Virtual size: 124KB

.detour
Size: 8KB - Virtual size: 7KB

.idata
Size: 1024B - Virtual size: 4KB

qfoendjq
Size: 3.9MB - Virtual size: 3.9MB

fuwqreqv
Size: 512B - Virtual size: 4KB

fuwqreqv
Size: 3KB - Virtual size: 4KB

.data
Size: - Virtual size: 4KB